A month after the Mobile Marketing Association released its Mobile Application Privacy Policy Framework (which we blogged about here), the GSM Association (GSMA) announced the release of its Privacy Design Guidelines for Mobile Application Development. The guidelines seek to provide developers with specific design points meant to enhance mobile application users’ abilities to guard personal information within mobile apps.

The mobile application business has experienced exponential growth over the past several years due to the increasing popularity of mobile devices. According to the GSMA, a global organization representing the interests of roughly 1,000 mobile operators and companies, “[a] critical factor for the sustainable development of [the mobile] eco-system is a robust and effective framework for the protection of privacy, where users can continue to have confidence and trust in mobile applications and services.”

The GSMA’s new Privacy Guidelines provide a foundation for that framework. Previously, in 2011, the GSMA published its Mobile Privacy Principles, which established certain high-level privacy principles meant to provide “meaningful transparency, notice, choice, and control for users with regards to their personal information and the safeguarding of their privacy.” The new Privacy Guidelines, which the GSMA developed through comments received from industry stakeholders and regulators, provide functional guidance regarding the implementation of those principles.

Specifically, the Privacy Guidelines encourage developers to adopt a proactive Privacy-By-Design approach by implementing the following:

Transparency, Choice, and Control

Give prior “who-what-why” notice and obtain a user’s “active consent” for the collection, use, and sharing of personal information, as well as any application changes affecting privacy (“active consent” occurs where a user has the opportunity to agree to the specific use of personal information)

Collect and use only reasonable amounts of information within the scope of the user’s expectations

Allow users to control the frequency of reminders about features which use personal information

Provide age-targeted information regarding the consequences of using an application

Ensure the default location setting prevents a user from publishing his or her location

Comply with applicable jurisdictional laws regarding the protection of children

Where possible, include an age verification mechanism

Accountability and Enforcement

Assign responsibility for privacy issues throughout the application’s lifespan

Provide a means for users to report application problems.

Anne Bouverot, the Director General of the GSMA, labeled the Privacy Guidelines as “an important first step in establishing best practices for [the mobile application] industry.” In fact, several European mobile operators are already in the process of implementing the Privacy Guidelines for their branded mobile applications (France Telecom – Orange, Telecom Italia, Deutsche Telekom, Telekom Austria Group, Telenor Group, TeliaSonera, Vodafone, and Telefónica).

Stay Connected

About Proskauer Rose LLP

Proskauer is a leading international law firm focused on creating value. Our roots go back to 1875, when we were founded in New York City. With 725+ lawyers active in virtually every major market worldwide, we are recognized not only for our legal excellence, but also our dedication to client service.

Our clients include many of the world’s top companies, financial institutions, investment funds, not-for-profit institutions, governmental entities and other organizations across industries and borders. We also represent individuals in transactions and other matters.

In addition to New York, we have offices in Beijing, Boston, Chicago, Hong Kong, London, Los Angeles, Paris, São Paulo and Washington, D.C., as well as Boca Raton, Newark and New Orleans.

This Blog/Web Site is made available by the lawyer or law firm publisher for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site you understand that there is no attorney client relationship between you and the Blog/Web Site publisher. The Blog/Web Site should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.